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DETAILED ACTION 
Response to Amendment 
Applicant's arguments with respect to previously presented claims 1-28 & 31-36 and 
amended claims 29-30 filed 7/22/2005 have been fully considered and therefore the claims are 
rejected under new grounds. Previous 35 USC 1 12, second paragraph rejections with regards to 
the claims have been withdrawn. 

Claim Objections 

Claims 1, 13, 21, and 3 1 are objected to because of the following informalities: It is 
unclear what the transitional phrase is that separates the preamble from the body of the claim. 
Appropriate correction is required. 

Claim Rejections - 35 USC §101 

I. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

II. Claims 21- 25 and 27-28 are rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter, as they do not fall under any of the statutory classes of 
inventions. The language in the claims raise an issue because the claims are directed merely to 
an abstract idea that is not tied to an article of manufacture which would result in a practical 
application producing a concrete, useful, and tangible result to form the basis of statutory subject 
matter under 35 U.S.C. 101. 
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Double Patenting 

III. The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper timewise extension of the "right to exclude" granted by a patent and to prevent possible 
harassment by multiple assignees. See In re Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. 
Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 
F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 
1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to 
overcome an actual or provisional rejection based on a nonstatutory double patenting ground 
provided the conflicting application or patent is shown to be commonly owned with this 
application. See 37 CFR 1.130(b). 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 
CFR 3.73(b). 

IV. Claims 1-36 are provisionally rejected under the judicially created doctrine of 
obviousness-type double patenting as being unpatentable over claim 1-43 of copending 
Application No. 10/086,147. This is a provisional obviousness-type double patenting rejection. 

Although the conflicting claims are not identical, they are not patentably distinct from 
each other because both the present application and application 10/086,147 relate to a portable 
storage device used for implementing access control. They both disclose a portable storage 
device containing network identification information for a processing unit that is connectable to 
a data communications network and includes a device reader for reading the portable storage 
device, the portable storage device comprising storage and access controller, the storage holding 
a network identity for the processing unit. Not explicitly disclosed in that claim is the use of at 
least one encryption key and the access controller being operable to control access to the storage 
by implementing key-key encryption. However, claim 10 of application 10/086,147 teaches this 
aspect. Therefore, it would have been obvious to a person in the art at the time the invention was 
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made to incorporate claims 1 and 10 of application 10/086,147 into claims 1, 13, 21, and 29-31 
of the present application for a more secure way of implementing access control. 

Furthermore, there is no apparent reason why Applicant would be prevented from 
presenting claims corresponding to those of the instant application in the other copending 
application. See In re Schneller, 397 F.2d 350 USPQ 210 (CCPA 1968). See also MPEP 804. 

Claim Rejections - 35 USC §103 

V. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

VI. Claims 1-36 are rejected under 35 U.S.C. 103(a) as being unpatentable over Sehr, US 
Patent No. 6,085,976 and further in view of Houvener et al., US Pub. No. 2002/0138351. 
As per claims 1 and 3 1 : 

Sehr substantially teaches a portable storage device for a processing unit that is 
connectable to a data communications network and includes a device reader for reading the 
portable storage device, the portable storage device comprising storage containing an access 
controller, the storage holding at least one encryption key, and the access controller being 
operable to control access to the storage by implementing key-key encryption (col. 18, lines 1- 
36). 

Not explicitly disclosed is the portable storage device containing network identification 
information or the storage holding a network identity for the processing unit. However, 
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Houvener et al. teach a hardware token holding a MAC address in order to allow for device 
identification. Therefore, it would have been obvious to a person in the art at the time the 
invention was made to modify the method disclosed in Sehr to also store network identification 
information for the processing unit on the storage. This modification would have been obvious 
because a person having ordinary skill in the art, at the time the invention was made, would have 
been motivated to do so since it is suggested by Houvener et al. in par. 33, lines 29-43. 
As per claims 2 and 32: 

Sehr and Houvener et al. substantially teach the portable storage device of claims 1 and 

3 1 . Furthermore, Sehr teaches the portable storage device comprising at least one secure storage 
portion accessible only under the control of the access controller (col. 18, lines 1-7 and 33-36). 
As per claims 3 and 33: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 2 and 

32. Furthermore, Sehr teaches the portable storage device wherein said at least one encryption 
key is held in said secure storage portion (col. 18, lines 1-7 and 33-36). 

As per claims 4 and 34: 

Sehr and Houvener et al. substantially teach the portable storage device of claims 2 and 
32. Furthermore, Sehr teaches the portable storage device wherein at least one network security 
encryption key is held in said secure storage portion (col. 19, lines 3-33). 
As per claim 5: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 2. 
Furthermore, Sehr teaches wherein a file is configured in said secure storage portion (col. 2, lines 
27-40). 
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As per claim 6: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 2. 
Furthermore, Sehr teaches wherein one or more files containing information are configured in 
respective secure storage portions (col. 7, lines 25-39). 
As per claim 7 and 35: 

Sehr and Houvener et al. substantially teach the portable storage device of claims 2 and 
31. Not explicitly disclosed is wherein the access controller is operable to perform key-key 
verification of a request encrypted by a request key supplied from the processing unit and, in 
response to the request key verifying correctly, to return to the processing unit an access key 
derived from said at least one encryption key to permit access to the secure storage portion. 
However, Sehr teaches that particular card data is protected with encryption so that only the 
entity intended to receive the data does so. Furthermore, Sehr teaches that the key is used to 
encrypt a payment form that is sent to the cardholder who can only use the form by decrypting it 
with the correct key, thereby allowing access to the payment information held in the card in 
order to clear the payment. 

Therefore, it would have been obvious to a person in the art at the time the invention was 
made to modify the method disclosed in Sehr for the access controller is operable to perform 
key-key verification of a request encrypted by a request key supplied from the processing unit 
and, in response to the request key verifying correctly, to return to the processing unit an access 
key derived from said at least one encryption key to permit access to the secure storage portion. 
This modification would have been obvious because a person having ordinary skill in the art, at 
the time the invention was made, would have been motivated to do so since it is suggested by 
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Sehr in col. 17, lines 50-67. 
As per claim 8: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 7. 
Furthermore, Sehr teaches wherein the access controller is subsequently operable to respond to a 
command from the processing unit that is encrypted using the access key to access the secure 
storage portion (col 17, lines 50-67). 
As per claim 9: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 2. Not 
explicitly disclosed is wherein the storage in the portable storage device comprises random 
access memory, the secure storage comprising a part of the random access memory. However, 
Houvener et al. teach that the hardware token contains memory and also teaches that 
modifications can be made to the specific elements used. Therefore, it would have been obvious 
to a person in the art at the time the invention was made to modify the method disclosed in Sehr 
for the storage in the portable storage device to comprise RAM. This modification would have 
been obvious because a person having ordinary skill in the art, at the time the invention was 
made, would have been motivated to do so since it is suggested by Sehr in col. 16, lines 1-19. 
As per claim 10: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 1 . Not 
explicitly disclosed is wherein the access controller is a programmed microcontroller. However, 
Sehr teaches that the information put on the card is configurable. Therefore, it would have been 
obvious to a person in the art at the time the invention was made to modify the method disclosed 
in Sehr for the access controller to be a programmed microcontroller. This modification would 
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have been obvious because a person having ordinary skill in the art, at the time the invention was 
made, would have been motivated to do so since it is suggested by Sehr in col. 16, lines 1-19. 
As per claim 1 1 : 

Sehr and Houvener et al. substantially teach the portable storage device of claim 1. 
Furthermore, Houvener et al. teach wherein the portable storage device is a smart card (par. 29). 
As per claim 12: 

Sehr and Houvener et al. substantially teach the processing unit of claim 1 . Furthermore, 
Houvener et al. teach wherein the network identity comprises a MAC address (par. 33, lines 29- 
43). 

As per claims 13, 21, 29, and 30: 

Sehr substantially teaches a processing unit, a control program for a processing unit, a 
microcontroller, and a server computer connectable to a data communications network, having a 
device reader for reading the portable storage device, the portable storage device comprising 
storage containing an access controller, the storage holding at least one encryption key, and the 
access controller being operable to control access to the storage by implementing key-key 
encryption (col. 18, lines 1-36). 

Not explicitly disclosed is the portable storage device containing network identification 
information or the storage holding a network identity for the processing unit. However, 
Houvener et al. teach a hardware token holding a MAC address in order to allow for device 
identification. Therefore, it would have been obvious to a person in the art at the time the 
invention was made to modify the method disclosed in Sehr to also store network identification 
information for the processing unit on the storage. This modification would have been obvious 
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because a person having ordinary skill in the art, at the time the invention was made, would have 
been motivated to do so since it is suggested by Houvener et al. in par. 33, lines 29-43. 

Also not explicitly disclosed is it being operable to access a secure portion of the storage 
of the portable storage device by supplying a key-encrypted request to the access controller, and, 
in response to receipt of an access key from the access controller, being operable to send an 
encrypted command to access the content of the storage of the portable storage device. 
However, Sehr teaches that particular card data is protected with encryption so that only the 
entity intended to receive the data does so. Furthermore, Sehr teaches that the key is used to 
encrypt a payment form that is sent to the cardholder who can only use the form by decrypting it 
with the correct key, thereby allowing access to the payment information held in the card in 
order to clear the payment. Therefore, it would have been obvious to a person in the art at the 
time the invention was made to modify the method disclosed in Sehr for it to be operable to 
access a secure portion of the storage of the portable storage device by supplying a key- 
encrypted request to the access controller, and, in response to receipt of an access key from the 
access controller, being operable to send an encrypted command to access the content of the 
storage of the portable storage device. This modification would have been obvious because a 
person having ordinary skill in the art, at the time the invention was made, would have been 
motivated to do so since it is suggested by Sehr in col. 17, lines 50-67. 
As per claims 14 and 22: 

Sehr and Houvener et al. substantially teach claims 13 and 21. Furthermore, Sehr teaches 
wherein, in response to the return of an access key, the processing unit is operable to use the 
access key to encrypt a command for access to a secure storage in the portable storage device 
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(col. 17, lines 50-67). 
As per claims 1 5 and 23 : 

Sehr and Houvener et al. substantially teach claims 13 and 21. Furthermore, Houvener et 
al, teach wherein the portable storage device is a smart card and the device reader is a smart card 
reader (par. 29). Not explicitly disclosed is wherein the access controller is a microcontroller. 
However, Sehr teaches that the information put on the card is configurable. Therefore, it would 
have been obvious to a person in the art at the time the invention was made to modify the method 
disclosed in Sehr for the access controller to be a programmed microcontroller. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since it is suggested by Sehr 
in col. 16, lines 1-19. 
As per claims 16, 24, and 36: 

Sehr and Houvener et al. substantially teach claims 13,21, and 3 1 . Furthermore, 
Houvener et al. teach wherein the network identity comprises a MAC address (par. 33, lines 29- 
43). 

As per claims 17, 25, and 27: 

Sehr and Houvener et al. substantially teach claims 13 and 21. Furthermore, Sehr teaches 
a service processor, the service processor being programmed to control reading of the portable 
storage device (col. 3, lines 57-67). 
As per claims 18 and 28: 

Sehr and Houvener et al. substantially teach claims 17 and 27. Not explicitly disclosed is 
wherein the service processor is a microcontroller. However, Sehr teaches that the information 
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put on the card is configurable. Therefore, it would have been obvious to a person in the art at 
the time the invention was made to modify the method disclosed in Sehr for the access controller 
to be a programmed microcontroller. This modification would have been obvious because a 
person having ordinary skill in the art, at the time the invention was made, would have been 
motivated to do so since it is suggested by Sehr in col. 16, lines 1-19. 
As per claims 19 and 20: 

Sehr and Houvener et al. substantially teach claim 13. Not explicitly disclosed is wherein 
the processing unit is a computer server or a rack mountable computer server. However, Sehr 
teaches that information is stored and retrieved from a database. Therefore, it would have been 
obvious to a person in the art at the time the invention was made to modify the method disclosed 
in Sehr for the database to be a database server or a rack mountable server. This modification 
would have been obvious because a person having ordinary skill in the art, at the time the 
invention was made, would have been motivated to do so since it is suggested by Sehr in col. 19, 
lines 3-12. 
As per claim 26: 

Sehr and Houvener et al. substantially teach the control program of claim 21. 
Furthermore, Houvener et al. teach the control program on a carrier medium (par. 29). 

^References Cited, Not Used 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

1. US Patent No. 6,654,797 

2. US Patent No. 6,260,111 
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3. US Patent No. 5,809,140 

The above references have been cited because they are relevant due to the manner in which the 
invention has been claimed. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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